package com.hmys.api.config;

import com.hmys.api.service.AuthenticationService;
import com.hmys.api.service.LoginPersistenceService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;


/**
 * Created by philip on 5/19/17.
 */
@Configuration
@EnableWebSecurity
public class WebSecurity extends WebSecurityConfigurerAdapter {
    private final PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();

    @Autowired
    private AuthenticationService authenticationService;

    @Autowired
    private LoginPersistenceService loginPersistenceService;

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http
                //禁用CSRF保护
                .csrf().disable()
                //配置安全策略
                .authorizeRequests()
                //定义请求不需要验证
                .antMatchers("/",
                        "/swagger-ui.html",
                        "/swagger-resources/**",
                        "/webjars/**",
                        "/v2/api-docs",

                        "/login",
                        "/signUp",
                        "/exit",
                        "/register",
                        "/sms/**",
                        "/open/**",
                        "/exchange/**",
                        "/news/**",
                        "/expo/**",
                        "/case/**",
                        "/job/**",
                        "/video/**",
                        "/friend/**",
                        "/weather/**",
                        "/help/**",
                        "/city/**",
                        "/state/**",
                        "/counselor/**",
                        "/house/**",
                        "/location/**",
                        "/message/**",
                        "/upload/**",
                        "/photo/upload",
                        "/countries/**",
                        "/a/**"
                ).permitAll()

                //开放 options 请求
                .antMatchers(HttpMethod.OPTIONS,
                        "/upload/**","/photo/upload","/job/send/email"
                ).permitAll()

                //其他的请求都必须要有权限认证
                .anyRequest().authenticated()
                .and()
                .logout().permitAll()//定义logout不需要验证
                //.logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
                .and()
                //开启cookie保存用户数据
                .rememberMe()
                .rememberMeParameter("always-remember").tokenRepository(loginPersistenceService);
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(authenticationService).passwordEncoder(passwordEncoder);
    }
}
